Using the Go programming language to work with Border0

At Border0, we're big users and fans of the Go programming language; almost all of our code is written in Go. So it only made sense to open source our Go SDK for Border0. This SDK will make it easier for Go enthusiasts, novice or expert, to manage their Border0 resources or, even better, put SSO authentication in front of any net.Listener! This allows you to embed Border0 directly into your applications; let's dive in!

Managing Border0 Sockets and Policies in Go

The main components you work with in Border0 are Sockets and Policies. You can think of Sockets as virtual hosts or proxy servers just for you behind SSO. These come in various flavors, for example, HTTP(s), SSH, Database, and TCP sockets. Each of these can be configured to your unique requirements, and most importantly, each of them will have a set of Border0 policies. These policies allow you to configure who (SSO identity) should have access to what resources and under what conditions.

All of this can be configured using our admin portal or the Border0 CLI. Both use the public REST API, available at api.border0.com. Anyone with a Border0 account can use this API to automate your unique requirements. If your favorite language is Go, then the easiest way is to use our SDK. It abstracts some of the lower-level API handling, making it a pleasure to work with the Border0 API. 

Using the Border0 Go SDK, you can quickly get a list of all your sockets and policies, create new ones or manage and delete existing sockets and policies. All you need is an API token, and you're off to the races with your automation journey! To make it easy to get started, we put together a bunch of common examples; check out all the examples here.

Building TCP services using the Border0 net.Listener type

The Border0 SDK is a powerful tool for Go developers, designed to seamlessly integrate robust authentication and granular access control into your applications. In addition to managing Border0 resources, the SDK provides support for the net.Listener interface. 

Most Go developers are familiar with the net.Listener interface. Border0’s implementation of the net.Listener interface takes this familiarity and supercharges it with Border0 authentication, authorization capabilities, and a global anycast network.

So while it retains the simplicity and familiarity of Go's standard net.Listener, it comes supercharged with Border0's advanced features.

When you use Border0's net.Listener implementation, you're not just opening a port for communication; you're also ensuring that every request coming through is authenticated and continuously authorized. This means that your application is shielded from unauthorized access right from the entry point. The listener leverages Border0's policies, allowing developers to specify precisely which Single Sign-On (SSO) identities can access the service and under what conditions. This granular control ensures that your services are both secure and compliant. Additionally, you get audit and session log capabilities, providing you with insights into who connected to the listener, thus enhancing your auditing capabilities. Furthermore, the listener is integrated into the Border0 anycast platform, ensuring low latency and a seamless user experience.


A simple http server example with Border0

Learn how to build web applications with Go and Border0. Also see example code on Github

The example below demonstrates that with just a few lines of code, developers can harness the power of Border0, combining the simplicity of Go's standard library with enterprise-grade security and scalability.

package main import ( "fmt" "log" "net/http" "os" "github.com/borderzero/border0-go" "github.com/borderzero/border0-go/listen" ) func main() { listener, err := border0.Listen( // use the Border0 socket name defined here // socket will be created if not exists listen.WithSocketName("sdk-socket-http"), // Let’s attach a policy; make sure this policy exist listen.WithPolicies([]string{"production-engineers-only"}), // if not provided, Border0 SDK will use BORDER0_AUTH_TOKEN env var listen.WithAuthToken(os.Getenv("BORDER0_AUTH_TOKEN")), ) if err != nil { log.Fatalln("failed to start listener:", err) } handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // Border0 will set various HTTP headers related to the users’ identity. // We can use this to build identity aware applications name := r.Header.Get("X-Auth-Name") email := r.Header.Get("X-Auth-Email") fmt.Fprintf(w, "Hello, %s %s! This is Border0-go + standard library http.", name, email) }) log.Fatalln(http.Serve(listener, handler)) }

That’s it, with just a few lines of Go code, you’ve implemented an HTTP server that listens for requests on the Border0 listener. Note that this listener does not listen on a local port, it’s only available through Border0, no secret bypass!

To run the server, simply execute the following command:

go run main.go

The program automatically creates a Border0 socket for your Go web server, making it globally accessible via our anycast infrastructure. We handle your SSL certificates, DNS and enforce built-in SSO (single sign-on) authentication. Additionally, session logs give insights into who accesses your service. Plus, with the Border0 listener, it's possible to operate from behind NAT without the need for open inbound TCP ports

Check out this video, in which we build the app above, using the Border0 Go SDK

Getting started

Network socket programming in Go is fun, and with the Border0 Go SDK, you get a lot of extra features for free, making it even more enjoyable! Now you don't have to worry about SSL certificates, DNS names, ports, firewalls, or load balancers; pretty magical, right? 

Getting started is easiest with some examples, so make sure to check out the examples folder here. In the first few examples, we'll show you how to manage Border0 Sockets and Policies using the SDK. Followed by various net.Listener examples that show you how to make a simple Go web application with built-in support for Border0 or even an authenticated reverse proxy that performs content rewriting! 

Excited to try this? Check out our fully featured free community edition, or schedule a demo and let us walk you through a custom demo; let’s geek out together 🤓
Happy hacking!

Ready to level up
your security?